[Samba] ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?

Giedrius giedrius+samba at su.lt
Thu May 30 11:32:53 MDT 2013

    had the same error trying to re-setup DNS keytab.
    In my setup  kvno was indeed existing, not seen by ktpass.sh
    The problem:
            1)    ldbsearch -k 1 does not work with ldap://localhost or
ldap://IP    you *must*** use hostname of the machine
            2)    ldbsearch (at least in my setup) does not exists,
where ktpass.sh is trying to find it.... and ktpass.sh *does not
complain about it*

    Try passing: --path-to-ldbsearch <directory_of_ldbsearch>
    Or alternatively, apply attached path to your samba source tree (ne
recompile needed)

    You can verify if you have this principal by: samba-tool spn list
<your user that should have this principal>

2013.04.29 19:52, Tim Vangehugten rašė:
> Hi,
> I was trying to get a new keytab in samba4 for my apache service. So I
> tried the following command:
> sh ktpass.sh --out /etc/apache.keytab --princ
> HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc
> des-cbc-md5
> I get the following error: Unable to find kvno for principal
> HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN
> Am I doing something wron or shouldn't I be using ktpass.sh?
> Best Regards
> Tim Vangehugten

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ktpass.patch
Type: text/x-patch
Size: 961 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20130530/efca2f30/attachment.bin>

More information about the samba mailing list